Lucene search

K

[email protected]NVD:CVE-2008-3218

HistoryJul 18, 2008 - 4:41 p.m.

CVE-2008-3218

2008-07-1816:41:00

CWE-79

[email protected]

web.nvd.nist.gov

7

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

57.4%

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

Affected configurations

Nvd

Node

drupaldrupalRange6.0–6.3

Node

fedoraprojectfedoraMatch8

OR

fedoraprojectfedoraMatch9

References

drupal.org/node/280571

secunia.com/advisories/31079

www.openwall.com/lists/oss-security/2008/07/10/3

www.securityfocus.com/bid/30168

bugzilla.redhat.com/show_bug.cgi?id=454849

exchange.xforce.ibmcloud.com/vulnerabilities/43704

www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

57.4%

Related for NVD:CVE-2008-3218

ubuntucve1 github1 prion1 cve1 osv1 cvelist1 openvas6 freebsd1 nessus4 redhatcve1